CVE-2025-60962
Published: 06 October 2025
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2025-60962 is an OS Command Injection vulnerability (CWE-78) in the EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware version 6010-0071-000 Ver 4.00. Published on 2025-10-06T17:16:07.080, it carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.
Remote attackers can exploit this vulnerability without authentication by injecting operating system commands, potentially gaining sensitive information and achieving other unspecified impacts. The high integrity impact score reflects the potential for significant unauthorized modifications, while confidentiality impact is low and availability remains unaffected.
Advisories referenced in the CVE details, including https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12 from xdiv-sec, along with vendor sites at http://endrun.com and http://sonoma.com, provide further information on the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated OS command injection in a public-facing network time server directly enables T1190 (Exploit Public-Facing Application) as the initial access vector and facilitates T1059 (Command and Scripting Interpreter) for arbitrary command execution.